MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7b5fe0bca85911efd678afbd6ecbf510e8e1a0163f0245ca71e60cd7215fbfb3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7b5fe0bca85911efd678afbd6ecbf510e8e1a0163f0245ca71e60cd7215fbfb3
SHA3-384 hash: 7bc3f4fdcbe0317b55305294038f924c6780f29b1144763d852f2d68797d4878f8e23681be88fe70993e72eb088f3eaf
SHA1 hash: 7a8ad9573817e696ca736e1b898af1c36457aec4
MD5 hash: 4c5cc057efda353c1afd48805080df22
humanhash: lemon-yankee-august-emma
File name:4c5cc057efda353c1afd48805080df22.dll
Download: download sample
File size:167'424 bytes
First seen:2022-11-21 09:05:11 UTC
Last seen:2022-11-21 10:41:23 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 504155502cfe160130de1e2904de8840
ssdeep 3072:0oP9x2sMSvB4YLfT15wnv8V2XMMSJz+YHSvM16DiDEAACQwRj5xik7O6b:dP9qBYLvwne2XVSJz+YoMkHCQwRVx+6
TLSH T1F3F312A586BD3757E1B4ED762EF33AC889DA749933410C2D0CADE4B1E9821703BD9931
TrID 34.7% (.EXE) UPX compressed Win32 Executable (27066/9/6)
34.1% (.EXE) Win32 EXE Yoda's Crypter (26569/9/4)
8.4% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
6.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.7% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter abuse_ch
Tags:dll

Intelligence

File Origin
# of uploads :
2
# of downloads :
169
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/336640/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.63763958.23951.1403.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed shell32.dll
Link:
https://www.filescan.io/uploads/637b3f7b903ba0eaf36ccdb2/reports/9e46a87d-fad2-40a1-902c-4a40654cec5a/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/9c840116-5d90-49a9-8f42-ec9c8ca237a3
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/1117992
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 750704 Sample: EpsvNt2YVb.dll Startdate: 21/11/2022 Architecture: WINDOWS Score: 60 19 Antivirus / Scanner detection for submitted sample 2->19 21 Multi AV Scanner detection for submitted file 2->21 23 Machine Learning detection for sample 2->23 7 loaddll32.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        11 rundll32.exe 7->11         started        13 rundll32.exe 7->13         started        15 6 other processes 7->15 process5 17 rundll32.exe 9->17         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7b5fe0bca85911efd678afbd6ecbf510e8e1a0163f0245ca71e60cd7215fbfb3/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-11-20 20:13:52 UTC
File Type:
PE (Dll)
Extracted files:
3
AV detection:
21 of 40 (52.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=pnp6bpfilei67vtyv66w5s7vcduodiawh4belstr4ygnoik7x6zq._file
Verdict:
malicious
Result
Malware family:
n/a
Score:
  9/10
Tags:
upx
Link:
https://tria.ge/reports/221121-k2rzhsce28/
Behaviour
Suspicious use of WriteProcessMemory
UPX packed file
Unpacked files
SH256 hash:
45516a26c84f292541018562b401e36acf0543acdbfce8087d81e94b71d8a415
MD5 hash:
833a940e3d7fec249695b3bf92d5aaf8
SHA1 hash:
67ffe1ba1fbfe3c6f22b9cb85ac616907ed115d3
Link:
https://www.unpac.me/results/6e409fb6-6544-4365-b4ee-a989e8e6ab31/
SH256 hash:
7b5fe0bca85911efd678afbd6ecbf510e8e1a0163f0245ca71e60cd7215fbfb3
MD5 hash:
4c5cc057efda353c1afd48805080df22
SHA1 hash:
7a8ad9573817e696ca736e1b898af1c36457aec4
Link:
https://www.unpac.me/results/6e409fb6-6544-4365-b4ee-a989e8e6ab31/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/7b5fe0bca859/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7b5fe0bca85911efd678afbd6ecbf510e8e1a0163f0245ca71e60cd7215fbfb3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DLL dll 7b5fe0bca85911efd678afbd6ecbf510e8e1a0163f0245ca71e60cd7215fbfb3

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2428361/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/336640/

Comments